The OWASP, also known as “Open Web Application Security Project”, is an internationally recognized non-profit organization solely dedicated to the security of web applications. It was first developed in 2003. The OWASP has one core principle that every material is available to the public for free, and everyone can improve their web application security. The …
What is OWASP and what are the Top 10 OWASP threats? Read More »
Structured Query Language Injection is a way of code modification technique which is used to change the data from SQL databases. By using this command, any unauthorized user can use to identify a more privileged user. In modern technique, SQL injection occurs over the internet by sending queries to an API endpoint. Some query field …
Delivering web pages and data over HTTP connections exposes users to security risks. Because servers are usually not connected directly to each other, they must pass their requests and responses through a series of network routers. These routers, located in-between servers, have complete access to requests sent via HTTP connections. Since the data is transferred …
Web scraping is the process of data extraction from different websites. It is done by using a piece of code known as “scraper”. It includes sending a ‘GET’ type query and then HTML parsing of the received content. After parsing, the scraper searches for the specified data and convert it into the specified document. The …
Phishing is a social engineering attack which is an attempt to steal sensitive and personal user information with the ill intents of gaining illegal access or financial gains. The stolen information can be in the form of usernames, passwords, bank account details or credit card numbers. The attackers utilize this information in two ways: either …
Via token authentication features, users can implement access control via URL parameters or HTTP request headers without having to build complex back-end systems Take mlytics platform as an example, we will check these tokens at the Web Application Firewall (WAF) before any request is relayed to an origin. If the token is not valid the request is …
A man-in-the-middle attack is a method which an attacker places himself in between the two devices and intercepts or modifies the messages/communication. The attacker is also able of impersonating as either of two agents and can do unauthorized actions. The attack needs three participants: the victim, the entity/system under attack and the middleman who eavesdrops. …
The Cross-Site Scripting also known as XSS is a prevalent web security threat and one of the favorite method of attackers to steal your personal information. Cross-site scripting, which targets users, made up almost one-third of the total number of attacks. In XSS, the web hackers add a malicious piece of codes in your Server …
Cross-Site Request Forgery (CSRF), also known as Session Riding is a type of web threat that manipulates the web browser into performing an unwanted action on the application or website to which a user is currently logged in. A successful CSRF attack can lead to serious consequences e.g. loss of business reputation and customer confidence, …
The DDoS mitigation is a process of protecting the targeted network from the anticipated DDoS attack. A special purpose network equipment or an alternative cloud-based security measures are used for protecting the networks from attackers. Typically, a DDoS mitigation process consists of 4 steps: The detection of possible traffic flow anomalies that may indicate the …
